Libvirt Driver File Disclosure Vulnerability in OpenStack Compute
CVE-2016-2140
5.3MEDIUM
Summary
A security vulnerability exists in the libvirt driver of OpenStack Compute (Nova) affecting versions prior to 2015.1.4 and 12.0.x before 12.0.3. When raw storage is utilized and the 'use_cow_images' option is set to false, remote authenticated users may exploit this flaw to read arbitrary files through a specially crafted qcow2 header in ephemeral or root disk. This could lead to unauthorized access to sensitive information, posing risks to data confidentiality in OpenStack environments.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved